Powershell script to find changes made to OU

Looking for powershell commands to see who changed an OU

We dont have AD auditing enabled and I would like to check if there is a way with powershell to see who changed it
LVL 1
Indie101Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

footechCommented:
It's a simple answer.  No.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Indie101Author Commented:
Thanks surprised at no auditing (contracting here) i can see the time it was changed at just can't see by who
0
footechCommented:
Yep, if all the information about who changed what was available all the time, there would be no need to turn on auditing.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

MichelangeloConsultantCommented:
You can see the exact time in which the last change was performed and on which DC has been originated. Then you can check who obtained kerberos tickets at that time. Thats the maximum detail yoy can obtain ehen auditing is not enabled.
0
Indie101Author Commented:
Can you outline the steps to do that Michelangelo?
0
MichelangeloConsultantCommented:
Hi indie101
basically you have to proceed as described here
https://blogs.technet.microsoft.com/heyscriptingguy/2015/07/03/use-powershell-to-find-changes-to-active-directory/
and

https://blogs.technet.microsoft.com/askpfeplat/2012/05/06/how-to-track-the-who-what-when-and-where-of-active-directory-attribute-changes-part-ii-the-case-of-the-mysteriously-modified-upn/

which is using repadmin /showobjmeta to check replication data on all DCs. Each DC will have a timestamp, earlier one is the on which recorded the change.
Upon determining that DC, you can check for kerberos tickets active in that date range in the Event Log. It is a manual process and your mileage may vary i.e. it depends on how many users were accessing the directory at that time.
Find here an example script which follows this road in examining changes to groups:

https://gallery.technet.microsoft.com/scriptcenter/Find-the-time-a-user-was-a0bfc0cf
1
Naveen SharmaCommented:
How to Audit Changes Made to Organizational Units (OUs) in Active Directory:
https://www.lepide.com/how-to/audit-organizational-units-changes-in-active-directory.html
0
MichelangeloConsultantCommented:
Hi naveem,
This is out of context as author stated auditing is not enabled and changes haopened in the past.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.